实现示例

type Env = Record<string, string>
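/**
 * Decides whether an environment key may pass through to the build.
 *
 * A key is accepted when it carries the configured `prefix` or is listed
 * explicitly in `allow`. An empty `prefix` is treated as "no prefix rule"
 * rather than "every key": `''.startsWith` would otherwise match every
 * name and turn the allowlist into a fail-open pass-through.
 *
 * @param k - environment variable name (compared case-sensitively)
 * @param prefix - required name prefix, e.g. `APP_`; empty disables the prefix rule
 * @param allow - exact names permitted regardless of prefix
 * @returns true if the key is permitted
 */
function allowedKey(k: string, prefix: string, allow: Set<string>): boolean {
  // Guard the empty prefix explicitly; only a non-empty prefix can grant access.
  const hasPrefix = prefix.length > 0 && k.startsWith(prefix)
  return hasPrefix || allow.has(k)
}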
/**
 * Names that must never reach the build: the key ends in one of the usual
 * credential nouns, compared case-insensitively.
 * Suffix-only matching is a heuristic, not a guarantee: `AWS_SECRET_ACCESS_KEY`
 * and `db_password` are caught, but so is `MONKEY`, while `SECRET_PATH`
 * (noun not at the end) is not. No `g` flag, so `test` carries no
 * `lastIndex` state between calls.
 */
const SENSITIVE_NAME = /(SECRET|TOKEN|PASSWORD|KEY)$/i

/**
 * Reports whether an environment key looks like it holds a credential.
 *
 * @param k - environment variable name
 * @returns true when the name ends with SECRET, TOKEN, PASSWORD or KEY (any case)
 */
function sensitive(k: string): boolean {
  return SENSITIVE_NAME.test(k)
}
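/**
 * Screens a candidate environment against the injection policy and returns
 * the subset that may be passed to the build.
 *
 * Each key is checked in order: a credential-looking name (per `sensitive`)
 * is rejected first — so an allowlisted key can never smuggle a secret —
 * then anything outside the `prefix`/`allow` rule (per `allowedKey`).
 * Rejected keys are reported by name only; values are never copied into
 * `errors`, so the result is safe to log.
 *
 * @param env - candidate variables; only own enumerable keys are considered
 * @param prefix - name prefix handed to `allowedKey`
 * @param allow - exact-name allowlist handed to `allowedKey`
 * @returns `ok` is true iff nothing was rejected; `errors` lists
 *   `sensitive:K` / `not-allowed:K` entries in input order; `filtered`
 *   holds the accepted key/value pairs
 */
function evaluateEnv(env: Env, prefix: string, allow: Set<string>): { ok: boolean; errors: string[]; filtered: Env } {
  const errors: string[] = []
  const kept: [string, string][] = []
  for (const [k, v] of Object.entries(env)) {
    if (sensitive(k)) { errors.push(`sensitive:${k}`); continue }
    if (!allowedKey(k, prefix, allow)) { errors.push(`not-allowed:${k}`); continue }
    kept.push([k, v])
  }
  // Object.fromEntries defines own data properties, so an accepted key named
  // `__proto__` survives as a real entry; `filtered[k] = v` would instead hit
  // the Object.prototype setter, drop the string silently, and still report ok.
  const filtered: Env = Object.fromEntries(kept)
  return { ok: errors.length === 0, errors, filtered }
}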
审计与运行治理

审计变量使用清单与拒绝项;构建仅注入 `APP_` 前缀或白名单变量,前缀不得为空,否则前缀规则失去意义。禁止在日志中输出变量值,错误信息只携带键名;敏感键命中即阻断并告警。注意:敏感键判定仅按键名后缀(SECRET/TOKEN/PASSWORD/KEY)匹配,属于启发式规则,不能替代对值本身的扫描。
